[PM-35117] fix: Getting updated values from KDF before displaying update KDF prompt

[aj-rosado]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-35117

📔 Objective

Avoid a loop state where users that updated the KDF information on a different client are stuck with after unlock.
Adding kdf info on state and calling sync to get the most recent data before displaying the prompt

[codecov]

Codecov Report

❌ Patch coverage is 85.00000% with 6 lines in your changes missing coverage. Please review.
✅ Project coverage is 85.65%. Comparing base (7d2bfe1) to head (dd3e84a).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...ta/auth/repository/util/UserStateJsonExtensions.kt	55.55%	0 Missing and 4 partials ⚠️
...bitwarden/ui/vault/feature/vault/VaultViewModel.kt	93.54%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6802      +/-   ##
==========================================
+ Coverage   85.41%   85.65%   +0.23%     
==========================================
  Files         871      871              
  Lines       60064    60072       +8     
  Branches     8613     8621       +8     
==========================================
+ Hits        51304    51453     +149     
+ Misses       5775     5629     -146     
- Partials     2985     2990       +5     

Flag	Coverage Δ
app-data	17.21% <12.50%> (+0.01%)	⬆️
app-ui-auth-tools	20.62% <0.00%> (-0.01%)	⬇️
app-ui-platform	15.63% <0.00%> (+0.35%)	⬆️
app-ui-vault	26.56% <72.50%> (+0.01%)	⬆️
authenticator	6.55% <0.00%> (-0.01%)	⬇️
lib-core-network-bridge	4.28% <0.00%> (-0.01%)	⬇️
lib-data-ui	1.03% <0.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Checkmarx One – Scan Summary & Details – 265c4c2f-3e5e-45fb-84b8-c3fc197e510d

Great job! No new security vulnerabilities introduced in this pull request

[david-livefront]

Can we put this in the state

[david-livefront]

Why is there a ``tryhere,syncForResult` does not throw anything

[aj-rosado]

Claude review tricked me here, it flagged this as necessary in case the syncForResult throws.
Although it should never throw.

[david-livefront]

Can we move this suppression closer to the offending location.

[david-livefront]

Ping on this

[david-livefront]

This suppression is not needed

[david-livefront]

Can you verify the entire state instead of just the dialog.

[david-livefront]

This suppression is not needed

[david-livefront]

Same thing, you should be validating the entire state.

[david-livefront]

Ditto

[david-livefront]

Can we move this closer to the offending line of code

[github-actions]

Code Review: PM-35117 fix: Getting updated values from KDF before displaying update KDF prompt

PR: #6802 | Author: aj-rosado | Reviewed by: Claude

Summary

This PR fixes a loop state where users who updated their KDF settings on another client would get stuck in a KDF update prompt after unlock. The fix has two parts:

1. Sync KDF from server: toUpdatedUserStateJson now extracts KDF settings (kdfType, kdfIterations, kdfMemory, kdfParallelism) from the sync response's userDecryption.masterPasswordUnlock.kdf, falling back to existing profile values when not present.

2. Force sync before showing dialog: VaultViewModel now forces a sync when needsKdfUpdateToMinimums() is true, using an isAwaitingKdfSync flag to suppress the KDF dialog until the sync completes. After sync, it re-checks whether the update is still needed before showing the dialog.

Findings

No issues found. The implementation is clean and well-tested:

• The isAwaitingKdfSync guard correctly prevents the race condition where getDialogVaultLoaded could show the dialog before the sync response updates local KDF state.
• The sync-then-recheck pattern in handleKdfSyncCompletedReceive properly handles both outcomes (KDF already updated on server vs. still needs updating).
• Test coverage includes the key scenarios: forced sync trigger, dialog suppression during sync, dialog shown/hidden based on post-sync state.
• Test fixtures (createMockUserDecryption, createMockMasterPasswordUnlock) are well-structured for reuse.
• The default change in createMockSyncResponse (userDecryption = null -> createMockUserDecryption(number)) is reflected in updated test assertions.

Verdict: Approved ✅